By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Chapter 2: Attacks and Risks

802.11 networks have unique vulnerabilities that make them an ideal avenue of attack. Wireless networks cannot be physically secured the same way a wired network can be. An attack against a wireless network can take place anywhere: from the next office, the parking lot of your building, across the street in the park, or a bluff many miles away.

Understanding the details of various attacks against your wireless infrastructure is critical to determining how to defend yourself. Some attacks are easy to implement but aren't particularly dangerous. Other attacks are much more difficult to mount but can be devastating. Like any other aspect of security, wireless security is a game of risk. By knowing the risks involved in your network and making informed decisions about security measures, you have a better chance at protecting yourself, your assets, and your users.

Throughout this book, we will work toward the creation of the example network illustrated in Figure 2-1. This network is split into three segments: the Internet, a wireless network containing access points and wireless clients, and a wired network containing workstations, servers, and other devices. A gateway mediates the traffic between these three segments. The focus of this book is the security of the gateway, access points, and wireless clients. We will also investigate the effects the security of these components has upon the rest of the network and the external security issues that originate from outside the wireless network.

All of these network components must work together, and implement complimentary security, to establish a secure network. With that in mind, we will begin by examining the classes of threats to the wireless network.

If the diversity antennas do not cover the same region of space, an attacker can deny service to associated stations by exploiting this improper setup, as shown in Figure 2-2. If diversity antennas A and B are attached to an AP, they are setup to cover both sides of the wall independently. Alice is on the left side of the wall, so the AP will choose antenna A for the sending and receiving frames. Bob is on the opposite side of the wall from Alice and will therefore send and receive frames with antenna B. Bob can take Alice off the network by changing his MAC address to be the same as Alice's. Then Bob can guarantee that his signal is stronger on antenna B than Alice's signal on antenna A by using a amplifier or other enhancement mechanism. Once Bob's signal has been detected as the stronger signal on antenna B, the AP will send and receive frames for the MAC address on antenna B. As long as Bob continues to send traffic to the AP, Alice's frames will be ignored.

Unfortunately, several flaws in WEP have been uncovered as discussed in "Wireless DoS Attacks." Even with WEP turned on, a determined attacker can potentially log gigabytes worth of WEP-protected traffic in an effort to post-process the data and break the protection. These weaknesses in WEP drastically increase the risk due to eavesdropping. If WEP is cracked, there is great deal of sensitive data that is passed across networks with no further encryption, such as a user who accesses his mail using the POP or IMAP protocols. These protocols are widely deployed without any form of encryption for authentication or data transport, putting the users at risk when using a wireless network.

Illicit resource use is a risk for several reasons. An attacker may launch attacks against external servers. These attacks will be seen as originating from the IP addresses of the owner of the access point. If these exploits are detected by remote administrators, they will be tracked down to the owner of the AP. The AP owner may be subject to punishment from his ISP or even a criminal investigation. Without a clear and complete audit trail, this form of illicit use may cause large problems for the AP owner.

In addition, the AP owner may be paying for transit to the Internet on a usage basis. If an attacker is using relatively large amounts of bandwidth, his usage may cost the AP owner money. Even when Internet access is not paid for on a usage basis, the attacker may be using enough bandwidth to infringe on the legitimate use by other clients using the same Internet connection. If an attacker is downloading mp3s via a 265 kb/s DSL connection, then other users of the DSL connection may experience extremely slow connectivity to external services.

0 comments

E-Mail

Username / Password

Password

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy